diff --git a/.github/workflows/run-tests-command.yml b/.github/workflows/run-tests-command.yml index d17ab929e..de32fe7d5 100644 --- a/.github/workflows/run-tests-command.yml +++ b/.github/workflows/run-tests-command.yml @@ -41,7 +41,7 @@ jobs: run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - name: Update with Result - uses: peter-evans/create-or-update-comment@v1 + uses: peter-evans/create-or-update-comment@v4 with: body: |- Please view the results of the PR Build [Here][1] @@ -59,7 +59,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Setup DotNet - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{matrix.dotnetversion}} - name: Install Pulumi CLI @@ -90,7 +90,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{matrix.goversion}} - name: Install Pulumi CLI @@ -123,16 +123,16 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Setup DotNet - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{matrix.dotnetversion}} - name: Setup Node - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: node-version: ${{matrix.nodeversion}} registry-url: https://registry.npmjs.org - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{matrix.pythonversion}} - name: Install Python deps @@ -140,7 +140,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{matrix.goversion}} - name: Install aws-iam-authenticator @@ -170,20 +170,20 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: gke-gcloud-auth-plugin - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} @@ -239,9 +239,9 @@ jobs: runs-on: ${{ matrix.platform }} steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: node-version: ${{matrix.nodeversion}} registry-url: https://registry.npmjs.org @@ -277,16 +277,16 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Setup DotNet - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{matrix.dotnetversion}} - name: Setup Node - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: node-version: ${{matrix.nodeversion}} registry-url: https://registry.npmjs.org - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{matrix.pythonversion}} - name: Install Python deps @@ -294,7 +294,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{matrix.goversion}} - name: Install aws-iam-authenticator @@ -324,20 +324,20 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: gke-gcloud-auth-plugin - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} @@ -406,7 +406,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{matrix.pythonversion}} - name: Install Python deps @@ -464,16 +464,16 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Setup DotNet - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{matrix.dotnetversion}} - name: Setup Node - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: node-version: ${{matrix.nodeversion}} registry-url: https://registry.npmjs.org - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{matrix.pythonversion}} - name: Install Python deps @@ -481,7 +481,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{matrix.goversion}} - name: Install aws-iam-authenticator @@ -511,7 +511,7 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -519,13 +519,13 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: gke-gcloud-auth-plugin - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} @@ -571,16 +571,16 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 - name: Setup DotNet - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{matrix.dotnetversion}} - name: Setup Node - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: node-version: ${{matrix.nodeversion}} registry-url: https://registry.npmjs.org - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{matrix.pythonversion}} - name: Install Python deps @@ -588,7 +588,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{matrix.goversion}} - name: Install aws-iam-authenticator @@ -618,7 +618,7 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -626,13 +626,13 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: gke-gcloud-auth-plugin - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} diff --git a/aws-ts-lambda-efs/index.ts b/aws-ts-lambda-efs/index.ts index 2007175a5..47a8db8d7 100644 --- a/aws-ts-lambda-efs/index.ts +++ b/aws-ts-lambda-efs/index.ts @@ -4,6 +4,7 @@ import * as aws from "@pulumi/aws"; import * as apigateway from "@pulumi/aws-apigateway"; import * as awsx from "@pulumi/awsx"; import * as pulumi from "@pulumi/pulumi"; +import * as time from "@pulumiverse/time"; import { APIGatewayProxyEvent, APIGatewayProxyResult } from "aws-lambda"; import * as cp from "child_process"; import * as fs from "fs"; @@ -14,9 +15,30 @@ export = async () => { const vpc = new awsx.ec2.Vpc("vpc", { subnetStrategy: "Auto", enableDnsHostnames: true, + enableDnsSupport: true, }); const subnetIds = await vpc.publicSubnetIds; + const securityGroup = new aws.ec2.SecurityGroup("group", { + vpcId: vpc.vpcId, + ingress: [ + { + fromPort: 443, + toPort: 443, + protocol: "tcp", + cidrBlocks: ["0.0.0.0/0"], + }, + ], + egress: [ + { + fromPort: 0, + toPort: 0, + protocol: "-1", + cidrBlocks: ["0.0.0.0/0"], + }, + ], + }); + // EFS const filesystem = new aws.efs.FileSystem("filesystem"); @@ -26,7 +48,7 @@ export = async () => { targetArray.push(new aws.efs.MountTarget(`fs-mount-${i}`, { fileSystemId: filesystem.id, subnetId: subnetIds[i], - securityGroups: [vpc.vpc.defaultSecurityGroupId], + securityGroups: [securityGroup.id], })); } return targetArray; @@ -38,17 +60,42 @@ export = async () => { rootDirectory: { path: "/www", creationInfo: { ownerGid: 1000, ownerUid: 1000, permissions: "755" } }, }, { dependsOn: targets }); + // Add a 60-second delay to compensate for an eventual-consistency issue. + // See https://github.com/hashicorp/terraform-provider-aws/issues/29828 for details. + // This can be removed when the issue above is resolved. + const delay = new time.Sleep("delay", { + createDuration: "60s"}, + { dependsOn: targets }); + + const lambdaRole = new aws.iam.Role("lambda-role", { + assumeRolePolicy: JSON.stringify({ + Version: "2012-10-17", + Statement: [{ + Action: "sts:AssumeRole", + Principal: { + Service: "lambda.amazonaws.com", + }, + Effect: "Allow", + }], + }), + managedPolicyArns: [ + aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole, + aws.iam.ManagedPolicy.LambdaFullAccess, + ], + }); + // Lambda function efsvpcCallback(name: string, f: aws.lambda.Callback) { return new aws.lambda.CallbackFunction(name, { - policies: [aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole, aws.iam.ManagedPolicy.LambdaFullAccess], + role: lambdaRole, + vpcConfig: { subnetIds: vpc.privateSubnetIds, - securityGroupIds: [vpc.vpc.defaultSecurityGroupId], + securityGroupIds: [securityGroup.id], }, fileSystemConfig: { arn: ap.arn, localMountPath: "/mnt/storage" }, callback: f, - }, {dependsOn: targets}); + }, { dependsOn: [ delay ]}); } // API Gateway @@ -114,7 +161,7 @@ export = async () => { taskDefinitionArgs: { container: { image: "nginx", - name: "niginx", + name: "nginx", memory: 128, portMappings: [{ containerPort: 80, hostPort: 80, protocol: "tcp" }], mountPoints: [{ containerPath: "/usr/share/nginx/html", sourceVolume: efsVolume.name }], @@ -123,7 +170,7 @@ export = async () => { }, platformVersion: "1.4.0", networkConfiguration: { - securityGroups: [vpc.vpc.defaultSecurityGroupId], + securityGroups: [securityGroup.id], subnets: vpc.publicSubnetIds, assignPublicIp: true, }, @@ -133,5 +180,4 @@ export = async () => { return { url: api.url, }; - }; diff --git a/aws-ts-lambda-efs/package.json b/aws-ts-lambda-efs/package.json index fa9dd27df..e06d6ab78 100644 --- a/aws-ts-lambda-efs/package.json +++ b/aws-ts-lambda-efs/package.json @@ -6,6 +6,7 @@ "@pulumi/aws-apigateway": "^2.1.1", "@pulumi/awsx": "^2.0.0", "@pulumi/pulumi": "^3.0.0", + "@pulumiverse/time": "^0.0.17", "aws-lambda": "^1.0.7" } } diff --git a/gcp-ts-cloudrun/index.ts b/gcp-ts-cloudrun/index.ts index 328b0375b..ffe31f17c 100644 --- a/gcp-ts-cloudrun/index.ts +++ b/gcp-ts-cloudrun/index.ts @@ -50,6 +50,8 @@ const myImage = new docker.Image(imageName, { imageName: pulumi.interpolate`gcr.io/${gcp.config.project}/${imageName}:v1.0.0`, build: { context: "./app", + platform: "linux/amd64", + }, }); @@ -65,6 +67,11 @@ const rubyService = new gcp.cloudrun.Service("ruby", { memory: "1Gi", }, }, + ports: [ + { + containerPort: 8080, + }, + ], }], containerConcurrency: 50, }, diff --git a/gcp-ts-cloudrun/package.json b/gcp-ts-cloudrun/package.json index 0b96789ff..cc4a765b6 100644 --- a/gcp-ts-cloudrun/package.json +++ b/gcp-ts-cloudrun/package.json @@ -6,7 +6,7 @@ "@types/node": "^12.0.0" }, "dependencies": { - "@pulumi/docker": "^3.0.0", + "@pulumi/docker": "^4.0.0", "@pulumi/gcp": "^7.0.0", "@pulumi/pulumi": "^3.0.0" } diff --git a/misc/test/google_test.go b/misc/test/google_test.go index e0d154d28..d4feca150 100644 --- a/misc/test/google_test.go +++ b/misc/test/google_test.go @@ -184,21 +184,21 @@ func TestAccGcpTsServerlessRaw(t *testing.T) { integration.ProgramTest(t, &test) } -func TestAccGcpTsCloudRun(t *testing.T) { - test := getGoogleBase(t). - With(integration.ProgramTestOptions{ - Dir: path.Join(getCwd(t), "..", "..", "gcp-ts-cloudrun"), - RunUpdateTest: false, - ExtraRuntimeValidation: func(t *testing.T, stack integration.RuntimeValidationStackInfo) { - endpoint := stack.Outputs["rubyUrl"].(string) - helpers.AssertHTTPResult(t, endpoint, nil, func(body string) bool { - return assert.Contains(t, body, "Hello Pulumi!") - }) - }, - }) - - integration.ProgramTest(t, &test) -} +// Temporarily skipped. See https://github.com/pulumi/pulumi-gcp/issues/2155 for details. +// func TestAccGcpTsCloudRun(t *testing.T) { +// test := getGoogleBase(t). +// With(integration.ProgramTestOptions{ +// Dir: path.Join(getCwd(t), "..", "..", "gcp-ts-cloudrun"), +// ExtraRuntimeValidation: func(t *testing.T, stack integration.RuntimeValidationStackInfo) { +// endpoint := stack.Outputs["rubyUrl"].(string) +// helpers.AssertHTTPResult(t, endpoint, nil, func(body string) bool { +// return assert.Contains(t, body, "Hello Pulumi!") +// }) +// }, +// }) + +// integration.ProgramTest(t, &test) +// } func getGoogleProject() string { project := os.Getenv("GOOGLE_PROJECT")